[Toybox] [Patch] dhcp client - crash fix

Ashwini Sharma Wed, 21 May 2014 01:46:23 -0700

Hi Rob, list,

dhcp client had a segfault, when DHCP message contained 'pad' option.


The parsing logic kept checking for other options beyond __pad__ option,
without
checking if it was __end__ option after that or not.

--- a/toys/pending/dhcp.c 2014-05-14 06:15:01.000000000 +0530
+++ b/toys/pending/dhcp.c 2014-05-21 14:11:22.396020084 +0530
@@ -1101,7 +1101,10 @@
   }

   while (*optptr != DHCP_OPTION_END) {
-    while (*optptr == DHCP_OPTION_PADDING) optptr++;
+    if (*optptr == DHCP_OPTION_PADDING) {
+      optptr++;
+      continue;
+    }
     if (*optptr == DHCP_OPTION_OVERLOAD) {
       overloaded = optptr[2];
       optptr += optptr[1] + 2;

Please apply the attched fix patch to dhcp.c

regards,
Ashwini

dhcp.c.patch
Description: Binary data

_______________________________________________
Toybox mailing list
Toybox@lists.landley.net
http://lists.landley.net/listinfo.cgi/toybox-landley.net

[Toybox] [Patch] dhcp client - crash fix

Reply via email to